Windscribe VPN on R1 DumaOS

[chimp]

Hi,

Trying to configure my Windscribe VPN service on my R1 (purely because I want to watch foreign Netflix on my Chromecast lol), but I can't seem to get it working. I grabbed the OpenVPN config and credentials from the page on Windscribe's site (https://windscribe.com/getconfig/openvpn need an account to see this), then pasted them into the advanced VPN settings on DumaOS.

The logs show that it seems to connect ok, but then throws the error "Authenticate/Decrypt packet error: missing authentication info". Keeps doing that for about a minute, then exits due to a fatal error. (I've definitely got the right credentials from Windscribe, as they give you a specific username & password combo for OpenVPN use - I found that one out the hard way when my usual username & password didn't work and threw a different errror!)

Full log is pasted below, hopefully you've got some insight, thanks

 

 

Sat Apr  3 22:18:07 2021 OpenVPN 2.3.4 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  4 2018
Sat Apr  3 22:18:07 2021 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Sat Apr  3 22:18:07 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr  3 22:18:07 2021 Control Channel Authentication: tls-auth using INLINE static key file
Sat Apr  3 22:18:07 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr  3 22:18:07 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr  3 22:18:07 2021 UDPv4 link local: [undef]
Sat Apr  3 22:18:07 2021 UDPv4 link remote: [AF_INET]185.232.22.131:443
Sat Apr  3 22:18:07 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Apr  3 22:18:07 2021 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Sat Apr  3 22:18:07 2021 Validating certificate key usage
Sat Apr  3 22:18:07 2021 ++ Certificate has key usage  00a0, expects 00a0
Sat Apr  3 22:18:07 2021 VERIFY KU OK
Sat Apr  3 22:18:07 2021 Validating certificate extended key usage
Sat Apr  3 22:18:07 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Apr  3 22:18:07 2021 VERIFY EKU OK
Sat Apr  3 22:18:07 2021 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Sat Apr  3 22:18:07 2021 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Apr  3 22:18:07 2021 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr  3 22:18:07 2021 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Apr  3 22:18:07 2021 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr  3 22:18:07 2021 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 4096 bit RSA
Sat Apr  3 22:18:07 2021 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]185.232.22.131:443
Sat Apr  3 22:18:09 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:09 2021 TUN/TAP device tun0 opened
Sat Apr  3 22:18:09 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Apr  3 22:18:09 2021 /sbin/ifconfig tun0 10.111.174.101 netmask 255.255.254.0 mtu 1500 broadcast 10.111.175.255
Sat Apr  3 22:18:09 2021 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpnup 51 tun0 1500 1602 10.111.174.101 255.255.254.0 init
Sat Apr  3 22:18:10 2021 Initialization Sequence Completed
Sat Apr  3 22:18:14 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:19 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:24 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:29 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:34 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:39 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:45 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:49 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:49 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:50 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:50 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:18:56 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:19:00 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:19:05 2021 Authenticate/Decrypt packet error: missing authentication info
Sat Apr  3 22:19:09 2021 [Windscribe Node Server 4096] Inactivity timeout (--ping-restart), restarting
Sat Apr  3 22:19:09 2021 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr  3 22:19:11 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr  3 22:19:11 2021 UDPv4 link local: [undef]
Sat Apr  3 22:19:11 2021 UDPv4 link remote: [AF_INET]38.132.122.131:443
Sat Apr  3 22:19:11 2021 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Sat Apr  3 22:19:11 2021 Validating certificate key usage
Sat Apr  3 22:19:11 2021 ++ Certificate has key usage  00a0, expects 00a0
Sat Apr  3 22:19:11 2021 VERIFY KU OK
Sat Apr  3 22:19:11 2021 Validating certificate extended key usage
Sat Apr  3 22:19:11 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Apr  3 22:19:11 2021 VERIFY EKU OK
Sat Apr  3 22:19:11 2021 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Sat Apr  3 22:19:12 2021 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Apr  3 22:19:12 2021 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr  3 22:19:12 2021 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Apr  3 22:19:12 2021 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr  3 22:19:12 2021 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 4096 bit RSA
Sat Apr  3 22:19:12 2021 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]38.132.122.131:443
Sat Apr  3 22:19:14 2021 Preserving previous TUN/TAP instance: tun0
Sat Apr  3 22:19:14 2021 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sat Apr  3 22:19:14 2021 Closing TUN/TAP interface
Sat Apr  3 22:19:14 2021 /sbin/ifconfig tun0 0.0.0.0
Sat Apr  3 22:19:14 2021 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpndown 51 tun0 1500 1602 10.111.174.101 255.255.254.0 init
openvpn-event.lua: bad argument #3 to 'format' (string expected, got nil) -> stack traceback:
    ?: in function <?:73>
    [C]: in function 'format'
    ?: in function 'safe_execute'
    ?: in function '?'
    ?: in function 'on_vpn_down'
    ?: in function '?'
    ?: in function '?'
    ?: in function '?'
    ?: in function <?:48>
    [C]: in function 'xpcall'
    ?: in function 'try'
    ?: in function <?:46>
    [C]: in function 'run'
    ?: in function <?:345>
    [C]: in function 'xpcall'
    ?: in function 'try'
    ?: in function <?:261>
    (tail call): ?
    /dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30>
    [C]: in function 'xpcall'
    /dumaos/api/cli.lua:59: in main chunk
    [C]: ?
Sat Apr  3 22:19:14 2021 WARNING: Failed running command (--up/--down): external program exited with error status: 3
Sat Apr  3 22:19:14 2021 Exiting due to fatal error

[Netduma Fraser]

Could you provide the config file you're using please and I can take a look, it may need to be adjusted

[chimp]

Sure, it's a .ovpn file I opened with a text editor and copied the text into the advanced box on DumaOS.

 

client
dev tun
proto udp
remote wfus-178.whiskergalaxy.com 443

nobind
auth-user-pass

resolv-retry infinite

auth SHA512
cipher AES-256-CBC
comp-lzo
verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
MIIF3DCCA8SgAwIBAgIJAMsOivWTmu9fMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
BAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEbMBkGA1UECgwS
V2luZHNjcmliZSBMaW1pdGVkMRMwEQYDVQQLDApPcGVyYXRpb25zMRswGQYDVQQD
DBJXaW5kc2NyaWJlIE5vZGUgQ0EwHhcNMTYwMzA5MDMyNjIwWhcNNDAxMDI5MDMy
NjIwWjB7MQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9u
dG8xGzAZBgNVBAoMEldpbmRzY3JpYmUgTGltaXRlZDETMBEGA1UECwwKT3BlcmF0
aW9uczEbMBkGA1UEAwwSV2luZHNjcmliZSBOb2RlIENBMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAruBtLR1Vufd71LeQEqChgHS4AQJ0fSRner0gmZPE
r2TL5uWboOEWXFFoEUTthF+P/N8yy3xRZ8HhG/zKlmJ1xw+7KZRbTADD6shJPj3/
uvTIO80sU+9LmsyKSWuPhQ1NkgNA7rrMTfz9eHJ2MVDs4XCpYWyX9iuAQrHSY6aP
q+4TpCbUgprkM3Gwjh9RSt9IoDoc4CF2bWSaVepUcL9yz/SXLPzFx2OT9rFrDhL3
ryHRzJQ/tA+VD8A7lo8bhOcDqiXgEFmVOZNMLw+r167Qq1Ck7X86yr2mnW/6HK2g
JOvY0/SPKukfGJAiYZKdG+fe4ekyYcAVhDfPJg7rF9wUqPwUzejJyAs1K18JwX94
Y8fnD6vQobjpC3qfHtwQP7Uj2AcI6QC8ytWDegV6UIkHXAMXBQSX5suSQoE11deG
32cy7nyp5vhgy31rTyNoopqlcCAhPm6k0jVVQbvXhLcpTSL8iCCoMdrP28i/xsfv
ktBAkl5giHMdK6hxqWgPI+Bx9uPIhRp3fJ2z8AgFm8g1ARB2ZzQ+OZZ2RUIkJuUK
hi2kUhgKSAQ+eF89aoqDjp/J1miZqGRzt4DovSZfQOeL01RkKHEibAPYCfgHG2ZS
woLoeaxE2vNZiX4dpXiOQYTOIXOwEPZzPvfTQf9T4Kxvx3jzQnt3PzjlMCqKk3Ai
pm8CAwEAAaNjMGEwHQYDVR0OBBYEFEH2v9F2z938Ebngsj9RkVSSgs45MB8GA1Ud
IwQYMBaAFEH2v9F2z938Ebngsj9RkVSSgs45MA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAgI6NgYkVo5rB6yKStgHjj
ZsINsgEvoMuHwkM0YaV22XtKNiHdsiOmY/PGCRemFobTEHk5XHcvcOTWv/D1qVf8
fI21WAoNQVH7h8KEsr4uMGKCB6Lu8l6xALXRMjo1xb6JKBWXwIAzUu691rUD2exT
1E+A5t+xw+gzqV8rWTMIoUaH7O1EKjN6ryGW71Khiik8/ETrP3YT32ZbS2P902iM
Kw9rpmuS0wWhnO5k/iO/6YNA1ZMV5JG5oZvZQYEDk7enLD9HvqazofMuy/Sz/n62
ZCDdQsnabzxl04wwv5Y3JZbV/6bOM520GgdJEoDxviY05ax2Mz05otyBzrAVjFw9
RZt/Ls8ATifu9BusZ2ootvscdIuE3x+ZCl5lvANcFEnvgGw0qpCeASLpsfxwq1dR
gIn7BOiTauFv4eoeFAQvCD+l+EKGWKu3M2y19DgYX94N2+Xs2bwChroaO5e4iFem
MLMuWKZvYgnqS9OAtRSYWbNX/wliiPz7u13yj+qSWgMfu8WPYNQlMZJXuGWUvKLE
XCUExlu7/o8D4HpsVs30E0pUdaqN0vExB1KegxPWWrmLcYnPG3knXpkC3ZBZ5P/e
l/2eyhZRy9ydiITF8gM3L08E8aeqvzZMw2FDSmousydIzlXgeS5VuEf+lUFA2h8o
ZYGQgrLt+ot8MbLhJlkp4Q==
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
5801926a57ac2ce27e3dfd1dd6ef8204
2d82bd4f3f0021296f57734f6f1ea714
a6623845541c4b0c3dea0a050fe6746c
b66dfab14cda27e5ae09d7c155aa554f
399fa4a863f0e8c1af787e5c602a801d
3a2ec41e395a978d56729457fe6102d7
d9e9119aa83643210b33c678f9d4109e
3154ac9c759e490cb309b319cf708cae
83ddadc3060a7a26564d1a24411cd552
fe6620ea16b755697a4fc5e6e9d0cfc0
c5c4a1874685429046a424c026db672e
4c2c492898052ba59128d46200b40f88
0027a8b6610a4d559bdc9346d33a0a6b
08e75c7fd43192b162bfd0aef0c716b3
1584827693f676f9a5047123466f0654
eade34972586b31c6ce7e395f4b478cb
-----END OpenVPN Static key V1-----
</tls-auth>

[Netduma Fraser]

Thanks for that, it could be that the server is down, can you try using another server and see if you get the same thing please?

[chimp]

Thanks - just tried, same issue.

[Netduma Fraser]

Is that the whole file you received or did you get a zip file with loads included? If so could you provide that please?

[chimp]

There's a separate download with a .crt and .key file, but the .crt is just everything inside the <ca> tags, and the .key is everything inside the <tls-auth> tags.

[Netduma Fraser]

Try this config instead please:

client

dev tun
proto tcp
remote wfus-178.whiskergalaxy.com 443
 
nobind
auth-user-pass
 
resolv-retry infinite
 
auth SHA512
cipher AES-256-CBC
keysize 256
comp-lzo
verb 2
mute-replay-warnings
ns-cert-type server
persist-key
persist-tun
 
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
MIIF3DCCA8SgAwIBAgIJAMsOivWTmu9fMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
BAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEbMBkGA1UECgwS
V2luZHNjcmliZSBMaW1pdGVkMRMwEQYDVQQLDApPcGVyYXRpb25zMRswGQYDVQQD
DBJXaW5kc2NyaWJlIE5vZGUgQ0EwHhcNMTYwMzA5MDMyNjIwWhcNNDAxMDI5MDMy
NjIwWjB7MQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9u
dG8xGzAZBgNVBAoMEldpbmRzY3JpYmUgTGltaXRlZDETMBEGA1UECwwKT3BlcmF0
aW9uczEbMBkGA1UEAwwSV2luZHNjcmliZSBOb2RlIENBMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAruBtLR1Vufd71LeQEqChgHS4AQJ0fSRner0gmZPE
r2TL5uWboOEWXFFoEUTthF+P/N8yy3xRZ8HhG/zKlmJ1xw+7KZRbTADD6shJPj3/
uvTIO80sU+9LmsyKSWuPhQ1NkgNA7rrMTfz9eHJ2MVDs4XCpYWyX9iuAQrHSY6aP
q+4TpCbUgprkM3Gwjh9RSt9IoDoc4CF2bWSaVepUcL9yz/SXLPzFx2OT9rFrDhL3
ryHRzJQ/tA+VD8A7lo8bhOcDqiXgEFmVOZNMLw+r167Qq1Ck7X86yr2mnW/6HK2g
JOvY0/SPKukfGJAiYZKdG+fe4ekyYcAVhDfPJg7rF9wUqPwUzejJyAs1K18JwX94
Y8fnD6vQobjpC3qfHtwQP7Uj2AcI6QC8ytWDegV6UIkHXAMXBQSX5suSQoE11deG
32cy7nyp5vhgy31rTyNoopqlcCAhPm6k0jVVQbvXhLcpTSL8iCCoMdrP28i/xsfv
ktBAkl5giHMdK6hxqWgPI+Bx9uPIhRp3fJ2z8AgFm8g1ARB2ZzQ+OZZ2RUIkJuUK
hi2kUhgKSAQ+eF89aoqDjp/J1miZqGRzt4DovSZfQOeL01RkKHEibAPYCfgHG2ZS
woLoeaxE2vNZiX4dpXiOQYTOIXOwEPZzPvfTQf9T4Kxvx3jzQnt3PzjlMCqKk3Ai
pm8CAwEAAaNjMGEwHQYDVR0OBBYEFEH2v9F2z938Ebngsj9RkVSSgs45MB8GA1Ud
IwQYMBaAFEH2v9F2z938Ebngsj9RkVSSgs45MA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAgI6NgYkVo5rB6yKStgHjj
ZsINsgEvoMuHwkM0YaV22XtKNiHdsiOmY/PGCRemFobTEHk5XHcvcOTWv/D1qVf8
fI21WAoNQVH7h8KEsr4uMGKCB6Lu8l6xALXRMjo1xb6JKBWXwIAzUu691rUD2exT
1E+A5t+xw+gzqV8rWTMIoUaH7O1EKjN6ryGW71Khiik8/ETrP3YT32ZbS2P902iM
Kw9rpmuS0wWhnO5k/iO/6YNA1ZMV5JG5oZvZQYEDk7enLD9HvqazofMuy/Sz/n62
ZCDdQsnabzxl04wwv5Y3JZbV/6bOM520GgdJEoDxviY05ax2Mz05otyBzrAVjFw9
RZt/Ls8ATifu9BusZ2ootvscdIuE3x+ZCl5lvANcFEnvgGw0qpCeASLpsfxwq1dR
gIn7BOiTauFv4eoeFAQvCD+l+EKGWKu3M2y19DgYX94N2+Xs2bwChroaO5e4iFem
MLMuWKZvYgnqS9OAtRSYWbNX/wliiPz7u13yj+qSWgMfu8WPYNQlMZJXuGWUvKLE
XCUExlu7/o8D4HpsVs30E0pUdaqN0vExB1KegxPWWrmLcYnPG3knXpkC3ZBZ5P/e
l/2eyhZRy9ydiITF8gM3L08E8aeqvzZMw2FDSmousydIzlXgeS5VuEf+lUFA2h8o
ZYGQgrLt+ot8MbLhJlkp4Q==
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
5801926a57ac2ce27e3dfd1dd6ef8204
2d82bd4f3f0021296f57734f6f1ea714
a6623845541c4b0c3dea0a050fe6746c
b66dfab14cda27e5ae09d7c155aa554f
399fa4a863f0e8c1af787e5c602a801d
3a2ec41e395a978d56729457fe6102d7
d9e9119aa83643210b33c678f9d4109e
3154ac9c759e490cb309b319cf708cae
83ddadc3060a7a26564d1a24411cd552
fe6620ea16b755697a4fc5e6e9d0cfc0
c5c4a1874685429046a424c026db672e
4c2c492898052ba59128d46200b40f88
0027a8b6610a4d559bdc9346d33a0a6b
08e75c7fd43192b162bfd0aef0c716b3
1584827693f676f9a5047123466f0654
eade34972586b31c6ce7e395f4b478cb
-----END OpenVPN Static key V1-----
</tls-auth>

[chimp]

No luck there sadly - logs below

 

Sun Apr  4 17:49:37 2021 OpenVPN 2.3.4 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  4 2018
Sun Apr  4 17:49:37 2021 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Sun Apr  4 17:49:37 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr  4 17:49:37 2021 Control Channel Authentication: tls-auth using INLINE static key file
Sun Apr  4 17:49:37 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr  4 17:49:37 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr  4 17:49:37 2021 Attempting to establish TCP connection with [AF_INET]38.132.122.195:443 [nonblock]
Sun Apr  4 17:49:38 2021 TCP connection established with [AF_INET]38.132.122.195:443
Sun Apr  4 17:49:38 2021 TCPv4_CLIENT link local: [undef]
Sun Apr  4 17:49:38 2021 TCPv4_CLIENT link remote: [AF_INET]38.132.122.195:443
Sun Apr  4 17:49:38 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr  4 17:49:39 2021 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Sun Apr  4 17:49:39 2021 VERIFY OK: nsCertType=SERVER
Sun Apr  4 17:49:39 2021 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Sun Apr  4 17:49:40 2021 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr  4 17:49:40 2021 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr  4 17:49:40 2021 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr  4 17:49:40 2021 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr  4 17:49:40 2021 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 4096 bit RSA
Sun Apr  4 17:49:40 2021 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]38.132.122.195:443
Sun Apr  4 17:49:43 2021 TUN/TAP device tun0 opened
Sun Apr  4 17:49:43 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Apr  4 17:49:43 2021 /sbin/ifconfig tun0 10.118.24.8 netmask 255.255.254.0 mtu 1500 broadcast 10.118.25.255
Sun Apr  4 17:49:43 2021 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpnup 54 tun0 1500 1604 10.118.24.8 255.255.254.0 init
Sun Apr  4 17:49:43 2021 Initialization Sequence Completed
Sun Apr  4 17:49:47 2021 Authenticate/Decrypt packet error: missing authentication info
Sun Apr  4 17:49:47 2021 Fatal decryption error (process_incoming_link), restarting
Sun Apr  4 17:49:47 2021 SIGUSR1[soft,decryption-error] received, process restarting
Sun Apr  4 17:49:52 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr  4 17:49:52 2021 Attempting to establish TCP connection with [AF_INET]38.132.122.131:443 [nonblock]
Sun Apr  4 17:49:53 2021 TCP connection established with [AF_INET]38.132.122.131:443
Sun Apr  4 17:49:53 2021 TCPv4_CLIENT link local: [undef]
Sun Apr  4 17:49:53 2021 TCPv4_CLIENT link remote: [AF_INET]38.132.122.131:443
Sun Apr  4 17:49:54 2021 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Sun Apr  4 17:49:54 2021 VERIFY OK: nsCertType=SERVER
Sun Apr  4 17:49:54 2021 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Sun Apr  4 17:49:55 2021 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr  4 17:49:55 2021 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr  4 17:49:55 2021 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr  4 17:49:55 2021 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr  4 17:49:55 2021 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 4096 bit RSA
Sun Apr  4 17:49:55 2021 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]38.132.122.131:443
Sun Apr  4 17:49:57 2021 Preserving previous TUN/TAP instance: tun0
Sun Apr  4 17:49:57 2021 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sun Apr  4 17:49:57 2021 Closing TUN/TAP interface
Sun Apr  4 17:49:57 2021 /sbin/ifconfig tun0 0.0.0.0
Sun Apr  4 17:49:57 2021 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpndown 54 tun0 1500 1604 10.118.24.8 255.255.254.0 init
openvpn-event.lua: bad argument #3 to 'format' (string expected, got nil) -> stack traceback:
    ?: in function <?:73>
    [C]: in function 'format'
    ?: in function 'safe_execute'
    ?: in function '?'
    ?: in function 'on_vpn_down'
    ?: in function '?'
    ?: in function '?'
    ?: in function '?'
    ?: in function <?:48>
    [C]: in function 'xpcall'
    ?: in function 'try'
    ?: in function <?:46>
    [C]: in function 'run'
    ?: in function <?:345>
    [C]: in function 'xpcall'
    ?: in function 'try'
    ?: in function <?:261>
    (tail call): ?
    /dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30>
    [C]: in function 'xpcall'
    /dumaos/api/cli.lua:59: in main chunk
    [C]: ?
Sun Apr  4 17:49:58 2021 WARNING: Failed running command (--up/--down): external program exited with error status: 3
Sun Apr  4 17:49:58 2021 Exiting due to fatal error

[Netduma Fraser]

Could you contact them and ask them for an OpenVPN config that is compatible with OpenVPN version 2.3.4 just to make sure please?

[chimp]

I'll send a ticket into them and update when I hear back. Appreciate your help

[chimp]

I did notice on the Windscribe Config Generator page that it says:

Quote

DNS Settings (Advanced)

Some devices like some consumer routers do not accept server pushed DNS settings. If this is the case, configure your DNS manually to 10.255.255.1

Keep in mind, this is an internal IPs, and will not work when you're not connected to Windscribe.

I went into Network Settings on DumaOS and tried using DNS override to force the DNS to that address, but this didn't help.

[Netduma Fraser]

Good spot, fingers crossed they'll come through with a config that will work

[chimp]

Had a lot of back and forth with an agent at Windscribe, they gave me a few altered config files to try and some other stuff but nothing worked. They've now come back with:

Quote

It looks like your router does not support LZO Compression and this is a requirement for Windscribe.
Does your router support IPSec type VPN connectivity?

[Netduma Fraser]

No only OpenVPN currently, not IPSec. I'll check with the team about LZO and get back to you.

[Netduma Fraser]

Add comp-lzo yes before ca somewhere and hopefully that will allow you to get a connection

[chimp]

No luck unfortunately The config file Windscribe generates does have "comp-lzo" on one line, I tried adding "yes" to that and also tried adding "comp-lzo yes" as a separate line but neither did the trick.

[Netduma Fraser]

I don't think that VPN will work then unfortunately, may be best to try another provider

[chimp]

No problem, if it won't it won't :)

I have been asked by the fella I'm in contact with at Windscribe if there are "any resources available that explain the specification requirements of the OpenVPN Client for this router" - have you got anything in that vein I can forward over to them? Sounds as if they're keen to put the effort in to make the changes necessary on their end!

[Netduma Fraser]

48 minutes ago, chimp said:

No problem, if it won't it won't :)

I have been asked by the fella I'm in contact with at Windscribe if there are "any resources available that explain the specification requirements of the OpenVPN Client for this router" - have you got anything in that vein I can forward over to them? Sounds as if they're keen to put the effort in to make the changes necessary on their end!

That's great! I've asked the team and will get back to you if there is anything we can provide